Data Protection Policy

PRIVACY and DATA PROTECTION POLICY

In the course of your use of this website, BitBox Ltd collects and uses data, some of it identified as ‘Personal Data’. This policy outlines what data is collected and how it is used.

Continued use of the website demonstrates that users accept and understand this policy.

BitBox acquires, holds and processes information, some of which is identified as personal information, in order to effectively manage staff and contractors, and to smoothly undertake business with customers, suppliers and other stakeholders. This document outlines the company’s approach to Data Protection and requests all stakeholders read, understand and adhere to this policy.

BitBox acts as a data controller and respects the privacy of individuals and conforms to the applicable laws and regulations on the use of personally identifiable data. BitBox will never sell, exchange or in any way pass on personal information to another party, unless there is a need to do so to complete agreed commercial work or required to do so by a court of law.

GENERAL DATA SECURITY

BitBox operates practices and procedures to comply with the provisions and obligations imposed by the Data Protection Act 2018, and to protect all data submitted and held, protecting it from disclosure, loss, alteration and other inappropriate use. BitBox uses commercial tools in the management of data. It is the company’s policy to only use solutions and services that uphold and communicate Data Protection practices.

The company holds data that is critical to the success of the business and therefore considered sensitive, including (but not limited to) customer names, contract values as well as Intellectual Property – whether designs, concepts or any type of documentation. Some of this information is Personal Information as defined by the ICO. Staff with access to any personal information or company information will not leave such information visible on unattended devices; doing so will be considered a breach of data protection.

It is the policy of BitBox that all Customer, Supplier, Company and Personal Information is only held on authorised internal work systems, such as the CRM. This ensures that access to the data can be properly controlled.

CUSTOMER AND SUPPLIER DATA: ACQUISITION

For the purpose of this Data Protection Policy, the term ‘customer’ includes prospects that request BitBox to take steps prior to entering into a contract. BitBox requests all customers and suppliers that provide ‘personal information’ acknowledge and consent to the sharing of their information for this purpose, and understand and agree to this Data Protection Policy. Where possible and always when collected online, the customer should demonstrate this through an active acceptance that should be recorded. All systems used to hold this information are either web-based and accessed via secure passwords or held on internal systems located in locked premises also with password-controlled access.

To take steps prior to entering in to a contract, BitBox might acquire the following ‘Personal Information’:

Name(s) – first, surname, preferred

Title(s) – used honorific (Mr, Mrs, etc)

Email address

Mobile Phone Number

Role at Company.

BitBox differentiates between Personal Information as defined by the ICO and Company Information. The latter might include Company Name, website url, company phone number, address and so on.

Using standard tools, BitBox also collects anonymous data on website use; this is to improve your experience of using the website. The only time that it is possible to use the data to identify the exact user, is when a submission of the contact form is made. Only at this time it is possible to identify information such as medium used to find BitBox, pages visited on the BitBox website, the type of device used and other non-sensitive data. Please note however, that this information is not routinely held, but is accessible through reporting tools. No intrusive information is collected (nor is possible to collect) such as credit card or banking details, passwords or access to other websites nor browsing history.

Visitors to BitBox might feature on the CCTV. Please note that CCTV is only used for security purposes; data is destroyed after a period of 90 days as long as no unauthorised access to the company’s building is reported. BitBox complies with the ICO guidance on the use of CCTV.

CUSTOMER AND SUPPLIER DATA: RIGHT OF ACCESS

Any customer, supplier or stakeholder has the right to enquire about any ‘Personal Information’ held. On receiving a request, BitBox will respond to your request within 40 days. In accordance with GDPR guidelines, BitBox can levy a fee for responding to the request. For guidance on your rights, please view the Information Commissioner’s Office: https://ico.org.uk/for-the-public/personal-information/.

CUSTOMER AND SUPPLIER DATA: RETENTION

BitBox holds personal information for the duration of ‘doing business’ and for a period thereafter where the opportunity to do business again exists. This shall not exceed 3 years unless the subject has explicitly given permission for the information to be held.

Customers and suppliers have the right to request that any personal information is destroyed in the event no further contact is desired. BitBox maintains the right to hold on to a minimum amount of data to be able to ensure that no further contact is made. This might include name and a means of contact (such as an email address). As complete deletion of all information makes it impossible for BitBox to know who has requested deletion and avoid the addition of personal information ion the future. It is the policy of BitBox that such requests for information to be destroyed is undertaken and recorded in a way that ensures that the wishes of the subject are carried out.

In accordance with UK laws, you may request access to view what information is being held, request that information is not processed or is erased. Please contact our Managing Director, Quentin Lister, with any Data Protection concerns.

COOKIE POLICY

We use industry standard cookies to anonymously track and monitor your experience of this website. We do this to improve your experience and the information shown. Data collected does not identify you or any personal information. A cookie is placed on your machine which tells us information including your approximate location (this data might tell us your town but not address), your browser type and which pages were viewed. We currently hold this data indefinitely to compare the use of the website over the years to ensure that we are continuing to provide improvements to your experience.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you.

Data is collected in a way that is lawful, relevant for a specific purpose and is only accessible to staff with password protected access. You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies. However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you. Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.